You may see that as essential, I see that as complete paranoia. I can't even remember the last time I worried about malware, I don't let such thoughts drive me, the computer is a tool that I use for whatever purpose I logged on for. Agreed.
That's not always true and valid. Microsoft Security Essentials gets updates from Microsoft Malware Protection Center. MMPC produces signature updates exactly 3 times per day. The reason is that they cannot afford to rush. If you haven't noticed, they keep a very good business reputation and they are the only one who had zero false positives. They advertise MSE as a program that catches real threats, not good programs. MMPC tests each and every signature against a huge database of TB of data. Check the latest AV-Test and AV-Comparatives reports (FP sections) and try to remember when was the last time you heard someone with a Microsoft product complain about a FP. FPs can be a huge issue for businesses of all kinds. I recommend you search Microsoft Technet for videos of the business version Forefront Endpoint Protection 2010 - Forefront uses the same signatures/updates/engine as MSE. You'll see how Microsoft security products use the dynamic signatures (the so called "cloud") and Microsoft Network Inspection System (NIS). I myself have seen it only once in real life and although it is rare - it does exist in the product. Additionally, unlike some third party security products, MSE is a first party program and it interacts with the first party layers of defence. MSE is by design made to be used with all other security features such as Windows Firewall, User Account Control, Windows update, DEP, Internet Explorer (Smart Screen Filter) all latest versions. Smart Screen Filter is very sensitive and so far I have found it only once to fail to advise against a malware downloaded via IE. I am trying to say that there is a reason Microsoft does not rush to update every hour and that MSE is not meant to be the first layer of defence against zero-day malware. A small number of people actually fall victim to zero-day malware.
You say paranoia, I say 'being careful'. I know MSE scans everything I download (even in Firefox & SeaMonkey) but a second opinion doesn't hurt. Besides, MBAM actually does update almost hourly I think. If I wait too long the updating process is longer. A few seconds every day is fine. As I said, it's OK for an on-demand scanner, but a bit pointless on a complete AV. I often expect false-positives in many anti-malware programs, that's why I run MSE as my AV, it has virtually no false-positives.
Hold your horses... they're a bit wild... (Just kidding!!) But, anyway... Microsoft did let Google Chrome's "malware" definition pass through, though. MSE users demand more quality in the zero false positives!!!
If you relied on Microsoft technology completely (I mean if you used IE to download the "malware") then SmartScreen filter could have caught it in the first place. In Windows 8 (which is the latest MS technology) there is a SmartScreen filter even for files on the disk, not just downloads. People and even testing organisations consider MSE as a single warrior. Truth is that Microsoft does not consider their anti-malware programs as a complete suite. They are just something that is supposed to be used with all other latest first party technologies and MSE/Windows Defender's sole aim is to *help* guard Windows reputation as a good operating system.
@Change__, what makes you think only a small number of people fall victim to zero day malware? Enough people are falling for malware and that is why the criminals can afford to create them at the rate they do. I don't know why anyone would think updates are more thoroughly checked just because fewer are released. Microsoft are a huge company and could easily push out hourly updates without any issues. I wish Microsoft would have more detailed changelogs about what is changed.
Indeed. But, my comment was meant for the "they are the only one who had zero false positives". It may not have any in the so-called official tests, but it did have in real world scenario. I actually think I remember reading, over Google's own forum, that it automatically deleted a few Google Chrome installations. Not sure, though. Anyway...
You do realize I'm talking about false positives? Microsoft Security Essentials wrongly detected Google Chrome web browser as being malware. If Internet Explorer SmartScreen, etc., all flagged it, then it would have been quite a surprise...
I actually don't understand what user Change is talking about. He/She mentioned "MMPC produces signature updates exactly 3 times per day. The reason is that they cannot afford to rush." Rush what exactly? If the malware definitions are updated 3 times a day, then they should be careful with the false positives, before providing updated definitions, 3 times a day. Not after. So... supposing they did make sure all was OK, then why not release them gradually to all MSE users?
I can think of why. The proof of the pudding is in the eating. MSE has one of the lowest f-p rates known to mankind. Therefore they are more thoroughly checked ipso facto.
Well, very very very low is still better than most AV false-positive scores. I reckon removing Chrome was an MS in-joke LOL!
I have an antivirus with no database. It has no false positives. Am I thoroughly checking my database? There can be plenty of explanations. That said, there are tradeoffs to pushing out tons of updates and pushing out a single large update.
Yes, bollocks explanations & cyber-sophistry no doubt LOL. Yet, at the end of the day, MSE has far far fewer f-ps than virtually any other AV. Just how are MS pulling this off? Apparently MS are pushing 3 updates every 24 hours. Surely that's enough for anyone? It's hardly one huge update. All I can say is that MS are doing this very well & it seems to work. There will always be a trade-off between aggressive malware detection & false-positives. Usually, the more aggressive the more f-ps. I'm guessing that MS are being quite meticulous about these updates & are being genuinely thorough in testing them before release, & doing it much better than most AV companies. I honestly don't see anything wrong with this approach. It's definitely working.
FWIW. This is a very useful site if you want to know how many updates the vendors push out each day. http://www.av-test.org/en/statistics/updates/ And one can also make a comparison at the bottom by choosing 5 products that you want to compare. I thought I could mention it because I don't think that we have talked about this site before. And AFAIK this is the only site that tracks how many updates each vendor pushes out. So thanks to AV-Test for this service.
I like MSE...and I want to like it... But my main argument stands: If they are so proud of MAPS cloud system, they should use it more and at least provide the option to block unknown files. Their zero-day protection is the main issue. Next comes the lack of a self-protection module, which btw Rob Koch is an MCC. He is not currently a developer I don't think.
Because the real world shows that MSE users don't complain because of FPs. Because antivirus tests show that MSE produces ZERO false positives. Because you can watch a video on Forefront on MS TechNet where MS employees explain that they test very carefully against a huge amount of known files to ensure the updates that are released don't flag anything good.
This is what happens when AV Companies do not thoroughly Q.A. [Quality Assurance] test their virus definitions before releasing them to their customers [enterprise & home users alike]: http://www.zdnet.com/blog/bott/defective-mcafee-update-causes-worldwide-meltdown-of-xp-pcs/2003 At least, Microsoft deserves credit for not provoking a worldwide Windows computer meltdown wherever MSE and/or Forefront are installed and getting virus defs updates. It looks like their Q.A. team is doing a good job in that regard. That's why I'd rather have a lower frequency of virus defs updates but thoroughly tested before being pushed, than having 15 definitions a day and one of those defs ending up rendering my system unbootable. That might not seem a nightmare for one or two home PCs but, in a corporate environment with 1000+ [thousands] PCs it could spell a disaster. Carlos
Time has nothing to do with thoroughness of false positive prevention. Microsoft has the resources to check for false positives to such an extent. They are the makers of their OS, they release certificates for companies who make software for their OS, they have different partner levels and all this derives back to them in some way. You also have to understand that having a false positive on a system file and a false positive on a non-essential file is a completely different thing. And most have additional system file checks in place that prevent system failure because of FP. And the fact that I certainly prefer having a FP or two here and there than having an AV that's too passive and tends to miss actual malware just because they don't want to make it more aggressive. Having a non-essential FP is far less destructive than missing a real malware... but that's my logic, not everyone will agree on that...
Well I think that logic makes perfect sense, it's a balancing act. No one should have to settle for weak protections for low FPs or high detection with dozens of FPs either.
Most prefer having no/little FP (that could potentially affect Windows performance / other software) than having a super up to date product for zero-day that you aren't going to come across. Oh, and MAPS can help detect the "scary" zero-day.